Lara Natale / Feb 2022
Photo: European Union, 2022
The European Union will seek to cement its status as a global arbiter of digital technology and the online economy over the course of the coming year.
The bloc certainly has the wind in its sails given general acceptance of its standards on data protection — rules now known more commonly by the acronym GDPR. And there can be no doubts about the EU’s pressing ambition and determination to go further by exporting its rules, standards, and now even its standardisation process, to the rest of the world.
Margrethe Vestager, the bloc’s digital policy chief, recently said she wants the EU to “be in the forefront of this global momentum and [...] inspire like-minded partners.” Thierry Breton, the internal markets commissioner, said EU digital policy had a “constitutional basis” in democratic digital principles that should advance its policy globally.
Fittingly then, 2022’s standard-setting in Brussels has kicked off at a blistering pace, fuelled by the great aspirations of the French Presidency of the Council of the EU.
But the questions raised by the EU’s bid for prompt digital leadership are almost as numerous as the pieces of the legislative puzzle it has been assembling over the past few years.
There are in fact a number of dissonances created by the frenetic rush to pass the many laws that the EU regards as vital to lock in its industrial relevance in what is likely to be not just a Digital Decade, but a digital century.
Squaring global cooperation with strategic autonomy
The Digital Single Market was the umbrella initiative grouping the bulk of regulatory proposals under the EU’s 2014-9 legislative mandate. During the current five-year mandate European Commission President Ursula Von Der Leyen adopted a “digital sovereignty” prerogative. As her mandate got underway, the brief became more contextualised and relabelled “open strategic autonomy”.
Cybersecurity is one area where protectionism legitimised by geopolitical tensions collides with the need for global cooperation and building resilience. Localising data storage is not permitted by international agreements, but European certification and cloud models increasingly teeter towards this approach. At the same time, “open standards” and “interoperability” are popular objectives and politically-hyped buzzwords.
Also on resilience-building, the EU recently announced €10bn in funds to address the global supply shortage in chips, or semiconductors. Breton seeks a “new third way” of autonomy for Europe, distinct from approaches taken by the US or China. Yet regulatory measures for the EU to produce its own chips will be directly inspired from the U.S. Defense Production Act.
Near-limitless scope versus “Better Regulation” and subsidiarity
“Better Regulation” principles adopted by the European Commission under previous president, Jean-Claude Juncker, apply a “one in, one out” policy to law-making, to ensure the volume of legislation remains manageable and coherent.
The idea also is to respect “subsidiarity,” which guarantees Member States their right to regulate some areas, particularly around digital content in the culture and audio/visual spaces.
But the EU’s goals, when it comes to digital policy, seem to have steered the bloc away from better and towards bigger. As a result, EU regulatory actions in the digital sphere risk departing from the process-oriented principles and broader standardisation strategy inherent in the concept of better regulation.
Besides, the whys can cut across the hows. Increasing emphasis on European values in the broader European way of life framework further exacerbates this risk of taking shortcuts in the name of bigger politics.
Questionable attention to measuring impact, enforcement, and delivery for citizens
Evaluating whether standards are working in practice proves complicated and undependable. Deadlines for national implementation are often missed, and EU authorities are accused of “underenforcement”.
Landmark judgments, like the GDPR-based Schrems II decision, have set back the EU’s global competitiveness by cutting off an artery for transatlantic data flows, which in the online economy have become vital to business cooperation.
Upcoming EU “Acts” - the Chips Act, Data Act, AI Act, among others - are set to place regulatory frameworks around large areas of the digital economy’s supply chain, market commodities, key technologies and more. An “Act” is not a legally defined term in the EU treaties, so the legal muscle of these proposals is yet to be revealed. Hastily drafted proposals have recently been rebuffed internally at several instances, pointing to insufficient preparation work and the associated risk to quality of regulation.
Updating or upcycling rules
All the above considered, we can infer that internal market tools may be edging towards the limits of their potential when it comes to regulating the Internet.
Calls to update legal texts no longer lead to forthright legal updates. Extending the scope of existing rules to capture the digital economy was the approach taken in the 2014-9 Digital Single Market package. Results were inconsistent. Negotiators still bear battle-wounds from fraught and protracted updates for copyright, satellite and cable, and e-Privacy (which is still pending) among others.
In the current regulatory frenzy, even a legal obligation to review rules to extend their scope can be kicked into the long grass. This is the case for reviewing geo-blocking rules to possibly include Audiovisual services; or the loud unease around where a recast eCommerce Directive would have ended up, precipitating the Digital Services Act (DSA).
Transatlantic consternation
Parts of the Digital Markets Act (DMA) and the DSA indicate that the EU is tilting towards disciplines such as competition and criminal law enforcement.
The US administration criticises the approach as EU protectionism and essentially as an infraction proceeding against Silicon Valley companies, reverse-engineered into regulatory proposals. US Secretary of Commerce Raimondo said the DMA “will disproportionately impact US-based tech firms and their ability to adequately serve EU customers and uphold security and privacy standards”, and her remarks have been followed up with strident diplomatic engagement.
The US is reflecting on its future framework, with the Biden administration launching cross-regional discussion fora for inspiration. In October 2021, the EU-US Technology and Trade Council launched, signalling a new mutual willingness to combine competitive and regulatory clout - for example on AI and 5G security - and mitigate the power held by China.
Next month, we’ll see the Alliance for the Future of the Internet, convening democratic countries around a common vision for a free web.
Back to life, back to reality
It remains unclear how the elevator will descend from high-tower office dialogue, back to ground-floor communication with citizens. How can better regulation and open strategic autonomy meet expectations - such as preserving citizens’ rights, privacy and security?
Can, and should we, forgive the EU for pursuing a form of digital strategic autonomy full of deliberate and potentially necessary ambiguities in the name of fulfilling politically stated ambitions?
The EU standard-setting train is journeying at breakneck speed. We can expect 2022 to be a year of milestones, with major negotiations both concluding, commencing and continuing.
As it becomes more evident that traditional internal market tools alone would not lead all the way to fulfilling both politically stated ambitions and citizens’ expectations together, clear and transparent regulatory dialogue should be prioritised more than ever. It will need to span disciplines, stakeholder groups, citizen, civil society, business and government. Crucially, regulatory dialogue will need to span geographies, to ensure optimal alignment where it is expedient, and understanding where priorities and approaches diverge.
The EU can either see this as a threat to its political leadership, or as an opportunity to embrace its “open strategic autonomy”, based on the foundational principles and processes for digital rules it has presented to the world.
